<< 1 >>
Rating: 
Summary: Excellent source for the repsonsibilities of Oracle Security
Review: A brief scan of one chapter told me all I needed to know about the authors' range and depth of knowledge. The use of views to restrict access to underlying tables was discussed without ever once stating clearly whether or not access to the underlying tables must be granted separately. The technique was also incorrectly and vaguely (but, as the authors state, "commonly") referred to as "row-level security," despite the fact that it can be used to restrict access to either columns (SELECT) or rows (WHERE) with equal facility. (A more professional term for the concept is "data-dependent" or "content-dependent" access control.) Only a few pages later, when discussing synonyms, the authors say, "...then grants access privileges to the synonym ..." A synonym is a passive entity that does not enjoy privileges. Rather, privileges are granted to users and roles BY MEANS OF the synonym. There is absolutely no room for such vague, paraprofessional handwaving or such freewheelingly inaccurate use of terminology in the database security sphere.
Rating: 
Summary: Good Book
Review: Good book but now sort of out of date given that Oracle is long past 8.0.4 that this book covers. No discussion concerning 8i and 9i. Needs an update - why hasn't O'Rielly done it yet?
Rating:
Summary: Good Book
Review: Good book but now sort of out of date given that Oracle is long past 8.0.4 that this book covers. No discussion concerning 8i and 9i. Needs an update - why hasn't O'Rielly done it yet?
Rating:
Summary: Excellent source for the repsonsibilities of Oracle Security
Review: I highly recommend this book to any professional interested in implementing or improving security within their database system. Ms Theriault and Mr Heney should be commended for their comprehensive and common sense approach to Oracle Security. There has never been a research and tool for implementing Oracle Security. This book provides not only the experienced Oracle DBA with tips and reasoning for implementing a security structure within a database, but it also offers the beginner and journeyman computer specialist with the functions of security. The book touches on many topics that are essential to maintaining any computer system. It details the reasoning behind what happens when you do a certain function and you run into problems.
Rating:
Summary: time for a re-write
Review: This book is ok as far as it goes,but it concentrates on the traditional aspects of database security; passwords, profiles, roles and privileges etc. As organisations move into web-enabling their databases, these security techniques are shown to be inadequate.Oracle 8i has introduced a stack of new security features, which are not covered in this book, or given a very broad coverage. Issues such as LDAP(Oracle Internet Directory) Advanced Security (the old Advanced Networkiing Option) Schema-less logins, single sign on, preserving user identity, secure application roles and virtual private databases should be addressed to help DBA's and IT managers formulate and plan a security strategy for web-enabled/ multi-tier databases. So the book as it stands is of limited usefulness. Unfortunately, there doesn't seem to be any other texts out there that cover these issues at the moment.
<< 1 >>
| 
